Regulatory and Legislative Analysis #1
CipherTrace’s Current Trends in Ransomware Report
CipherTrace has published its RansomwareA type of malicious program that is designed to encrypt a sy... More report in April 2022. Ransomware continues to be a major cybersecurity challenge that impacts us all – from big industry to small businesses to individuals. In 2021, we analyzed trends in ransomware usage and bottled those up in our latest Current Trends in Ransomware Report. Here’s a snapshot of what you’ll find in the report:
- Double extortion ransomware increased nearly 500% in 2021
- Bitcoin (BTC) remains the preferred payment system, but MoneroMonero (XMR) is an open-source cryptocurrency created in Apr... More (XMR) has jumped sharply in adoption by ransomware groups
- The first six months of 2021 saw payments to ransomware groups of $590m, an increase of 42% over the whole of 2020
Regulatory and Legislative Analysis – United States
President Biden to Sign Executive Order on Ensuring Responsible Development of Digital Assets
The Executive Order will require the Administration, Congress, and agencies across the federal government to work towards establishing policies and regulations that will guide the ongoing development of digital assets. This will occur over the next seven months. The Executive Order emphasizes the need for cooperation between the private sector to help study and support technological advances in digital assets. The emphasis is on promoting economic competitiveness while balancing the need to protect consumers, investors, and businesses and mitigate illicit activities.
US Treasury Secretary, Janet Yellen, focused on Executive Order in her remarks on April 7th
Secretary Yellen echoed the US’ Executive Order on responsible development of digital assets while protecting financial stability, consumers, and investors, and mitigating illicit activity. She specifically noted risks associated with Stablecoins, given the analysis shared by Treasury, President’s Working Group on financial markets, FDIC, and OCC in Nov 2021. Secretary Yellen also stated that agencies are working together to outline a framework per the executive order, and she encourages a technology-neutral approach that focuses on types of risk and activity as opposed to the nature of the underlying technology.
Office of Foreign Assets Control (OFAC) updates Specially Designated National (SDN) entry for Lazarus Group on April 14th and April 22nd due to Ronin Hack connection
Ronin is a sidechain linking to the Ethereum blockchainA blockchain is a shared digital ledger, or a continually up... More; it was specifically created for the non-fungible token gaming functionality of Axie Infinity. Ronin was hacked in late March for approximately $620 million in Ether. In an April 14th statement, the Federal Bureau of Investigation confirmed that the Ronin hack was perpetrated by North Korea’s Lazarus Group and APT38. Subsequently, OFAC updated SDN entries for the Lazarus Group twice to include these newly identified components, including four Ethereum addresses (one added on April 14th and three added on April 22nd). OFAC continues to have an active 2022 with regards to designations in the virtual assetThe term "virtual asset" refers to any digital representatio... More ecosystem.
Regulatory and Legislative Analysis – EMEA
European Parliament’s Economic and Monetary Affairs Committee and Committee on Civil Liberties, Justice and Home Affairs voted to approve amendments to Transfer of Funds Regulation on March 31st
If enacted, this would result in numerous changes to the EU’s AML existing regs. The European Supervisory (Banking) Authority would be required to maintain a “…public register of entities, crypto-asset servicesGeneral services, including non-profits, forums and news sit... More, and walletA wallet is a device (a hardware device, a program, or servi... More addresses that are higher risk of money-laundering, terrorist financing, or other criminalA Criminal is an individual or group who has been convicted ... More activities.” Additionally, providers of crypto-asset transfers would be required to get information on a sender/beneficiary for un-hosted wallets transactions and confirm the accuracy of information provided by their client. This is not final and requires an announcement at EU Parliament plenary session where it could be challenged. The process could take several months, but if it were to become law, the industry would have approximately 12-18 months to fully comply.
European Banks seeking and attaining virtual asset licensures in various jurisdictions – Bison Bank in Portugal and Commerzbank in Germany
In April, Bison Digital Assets S.A. is the first traditional banking institution to appear on the Banco de Portugal’s list of regulated of virtual asset service providers. Bison Digital Assets S.A. will be the first crypto bank in Portugal to offer custody, brokerage, and exchange services of virtual assets to individuals and institutions. Similarly, in Germany, Commerzbank applied to BaFin for a crypto custody license earlier in 2022. If approved, Commerzbank would offer exchange, custody, and protection of cryptoassets.
United Arab Emirates – various legislative and regulatory developments for Abu Dhabi and Dubai
A Decentralized Finance (DeFi) discussion paper was issued on April 13th by the Financial Services Regulatory AuthorityThe name of the regulatory agency to which a VASP is registe... More (FSRA) of Abu Dhabi Global Markets (ADGM). It was issued to engage with industry practitioners and other stakeholders and explore the potential opportunities arising from DeFi, associated risks and what a future regulatory framework may resemble. The FSRA believes that regulatory intervention for DeFi will need to take place, but they do not believe DeFi’s size is systemically impactful at this time. In separate news, Kraken received a full license from the ADGM on April 25th after meeting all approval conditions from the FSRA of the ADGM. Kraken will become the first global VASP to attain a Financial Services Permission license. Lastly, a new Virtual Assets (VAs) Law No.4/2022 came in force in Dubai, on March 11, 2022. It establishes the “Virtual Assets Regulatory Authority” (VARA) as Dubai’s primary regulator for VAs and VASPs. The Vara will have the authority to take actions, including suspending VASPs.
Regulatory and Legislative Analysis – LATAM
Brazil Senate approves Virtual Asset Bill on April 26th
After numerous drafts and the combination of efforts, Brazil’s Senate passed a cryptocurrencyA cryptocurrency (or crypto currency) is a digital asset des... More governing bill during a plenary session. It was confirmed that the executive branch will take responsibility for crypto asset rules; the executive branch would also be required to delegate regulatory authority to the Securities and Exchange Commission, Central Bank of Brazil, or a newly created agency. The bill also articulates penalties/punishments will exist for illicit activity and these would be proportional to the dollar amount of an occurrence. Lastly, the bill incentivizes mining that use renewable energy sources.
The Asamblea Nacional Panama (National Assembly of Panama) issues Project Law No. 697 to regulate the commercialized use of crypto assets
The National Assembly of Panama has issued a law to regulate the commercialized use of crypto assets. For this to be executed, there is still a 30-day period for objection by the Executive. it also still requires the President’s signature, though, veto authority may simply send the project back for editions rather than the removal of the project in its entirety. While not mandatory, the law would allow individuals and merchants to agree to the use of crypto assets as a means of payment without any limitation. Several cryptocurrencies are mentioned by name. Additionally, this could permit citizens from paying taxes in cryptocurrency. Lastly, the National Bank of Panama will be the responsible supervisory entity over these activities.
Regulatory and Legislative Analysis – APAC
Australia’s Australian Prudential Regulation Authority (APRA) Risk management expectations and policy roadmap regarding crypto-assets
The APRA is an independent statutory authority that supervises institutions across banking, insurance and superannuation and promotes financial system stability in Australia. On 21 Apr 2022, APRA released a letter, setting out initial risk management expectations for all regulated entities that engage in activities associated with crypto-assets, and a policy roadmap for the period ahead.
APRA expects that all regulated entities to adopt a prudent approach if they are undertaking activities associated with crypto assets, conduct appropriate due diligence, and ensure they understand, mitigate and control risks before launching new initiatives.
Thailand’s Security and Exchange Commission (SEC) bans crypto for payments effective April 1st
Thailand’s SEC issued regulation to govern the “provision services of digital asset business operators to avert support or promotion of the use of digital assets as a means of payment for goods and services”. The SEC exercised its authority to restrict digital assets from payments; stated in Board Meeting No. 3/2565 on March 3rd. Businesses not previously engaged in this had until April 1st to comply, while businesses currently engaged have another 30 days to comply. Thailand’s SEC and the Bank of Thailand reviewed the benefits and risks of digital assets and issued a joint press release on January 25th noting that it would be necessary to regulate digital assets as a means of payment to protect the country’s financial stability. It also noted risks for cyber theft, personal data loss, and money laundering.
Global Regulation – Why It Matters
While there is some global direction on VA and VASP topics from entities such as the Financial Action Task Force and BASEL, individual country approaches will continue to vary. Balancing country-specific economic goals with legislative and regulatory frameworks take many different shapes. It’s critical to under your local and national direction, but equally as useful to understand broader information that may be present in your region, or even globally. Anti-money laundering, counter terrorist financing, and fraud prevention are at the heart of most country-specific legislation and regulation; these are critical components to combatting illicit finance. At CipherTrace, we continue to analyze global regulatory and legislative developments to continuously improve our products and services. This renovated newsletter now has additional focus on regulatory and legislative topics given their increased and voluminous nature.